FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
rtichkule
Staff
Article Id 427360
Description This article describes the reason for the PKCS12 certificate upload failure in FortiAuthenticator.
Scope FortiAuthenticator.
Solution

PKCS12 certificates in the .p12 format are accepted by FortiAuthenticator.

Navigate to Certificate Management -> End Entities -> Local Services, select the Import button, and import the PKCS12 certificate. Enter the password and certificate ID, then select Import.

FortiAuthenticator returns the error "'<cert name>' is not a PKCS12 certificate", even though the certificate is correct.

Check the encryption algorithm used in that certificate using OpenSSL with the following command:

openssl pkcs12 -info -in "C:\Program Files\OpenSSL-Win64\<cert-name including extension>"

The output shows that the file is encrypted with the weak RC2-40-CBC cipher, which FortiAuthenticator does not support. FortiAuthenticator therefore cannot decrypt the file and returns the error.
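
The OpenSSL check above can be scripted so that the RC2-40-CBC case is flagged automatically. This is an added example, not part of the original article or of any Fortinet tooling; the function names, the P12_PASS environment variable, and the sample outputs are constructed for illustration. It goes slightly beyond the article by recognizing both the algorithm listing (pbeWithSHA1And40BitRC2-CBC) and the error text OpenSSL 3.x typically prints when run without -legacy.

```shell
#!/bin/sh
# Added example: list the PBE algorithm of each encrypted part of a PKCS12
# file from `openssl pkcs12 -info -noout` output and flag RC2-40-CBC.

# Reads openssl output on stdin and prints "<part>: <algorithm>".
# Exit status is grep-style: 0 = RC2-40-CBC found, 1 = not found.
p12_uses_rc2_40() {
    awk '
        # openssl prints the algorithm after these two labels.
        /^(PKCS7 Encrypted data|Shrouded Keybag):/ {
            part = $0; sub(/:.*/, "", part)
            alg = $0;  sub(/^[^:]*: */, "", alg); sub(/, Iteration.*/, "", alg)
            if (alg ~ /40BitRC2/) { weak = 1; alg = alg " [RC2-40-CBC]" }
            print part ": " alg
            next
        }
        # OpenSSL 3.x without -legacy cannot load RC2 and names it in its error.
        /RC2-40-CBC/ { weak = 1; print "openssl error names RC2-40-CBC" }
        END { exit(weak ? 0 : 1) }
    '
}

# Runs openssl against a file. The import password is taken from the
# P12_PASS environment variable (a name chosen for this example).
# The -info lines are written to stderr, hence 2>&1.
check_p12() {
    openssl pkcs12 -info -noout -in "$1" -passin env:P12_PASS 2>&1 | p12_uses_rc2_40
}

# Constructed sample outputs (not copied from the article's screenshot).
SAMPLE_LEGACY='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'
SAMPLE_AES='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

# Demo on the constructed legacy sample.
printf '%s\n' "$SAMPLE_LEGACY" | p12_uses_rc2_40 || true
```

Against a real file, run check_p12 with the file path as its argument after exporting P12_PASS; an exit status of 0 means the file matches the failure described in this article.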